What Google’s Privacy Sandbox means for the app ecosystem

Mobile advertising underwent an upheaval when Apple enabled the deprecation of the device identifier a couple of years ago. “We already lost about 50% of the ecosystem,” said Itai Cohen, SVP marketing and strategy at Digital Turbine. Now Privacy Sandbox for Android is coming down the road.

Digital Turbine, a platform for programmatic and bespoke mobile advertising, has been around since 1998 (it started out as Mandalay Digital). It’s original mission was to work with mobile carriers and device manufacturers to develop an infrastructure to support a mobile app economy. “We help mobile device manufacturers and carriers interact with the entire app economy,” said Cohen. “All of this pertains to Android specifically because iOS has always been this walled garden and closed hardware/software ecosystem where Android has been more open, putting us in a position to become familiar with the Android OS.”

More recently, Digital Turbine has developed a brand- and agency-facing business to support a whole range of ad campaigns and not just the install-app campaigns that were its bread and butter.

What did the loss of the identifier mean?

“App marketing was single-threaded on the device identifier,” said Cohen. “Companies that do app marketing would collect vast knowledge of the user, not so much in the areas of data that would create privacy concerns for the average consumer. An app developer doesn’t care whether it’s Itai or Kim: What is your propensity to click on an ad and complete an in-app purchase?”

The relatively small number of users that complete those purchases are paying for the ecosystem for the rest of us. Knowing the users with a propensity to spend is incredibly valuable, Cohen explained, and being able to tie that to an identifier in an auction allows aggressive bidding against those users.

Losing the device identifier meant losing two things: The database becomes far less useful for gauging the right level of bidding, and attribution becomes highly problematic. “Once you can’t close the loop between purchase and user acquisition spend, measuring marketing efficacy is significantly hindered.”

Privacy Sandbox: Implications for mobile advertising

Most discussion of Google’s Privacy Sandbox proposals have focused on what they mean for the Chrome browser. After all, it’s Chrome’s deprecation of cookies that has seemed to be the motivating force for the Sandbox and for proposals like Topics and Protected Audiences. But it raises significant issues for mobile marketing too.

Privacy Sandbox for Android will deprecate identifiers just as iOS already has. “Privacy Sandbox is introducing APIs and solutions that basically remove the Android Advertising ID, a unique identifier at device level that is consistent across all apps on that device.” It is possible to reset the ID, but Cohen expects only a minority of tech-savvy users to do that. Consent is easier on iOS, but consent rates are still below 20%.

The major difference between Apple’s and Google’s approaches is that users on Apple’s iOS receive a prompt from each individual app where they can choose to actively opt-in to share their device identifier (albeit consent rates are still below 20%), whereas Google’s Privacy Sandbox aims to remove user-level identifiers altogether and replace them with a set of APIs that support various advertising use-cases without relying on identifiers.

“One thing to think about,” said Cohen, “is that this brings the app and web ecosystems maybe a step closer. The digital advertising ecosystem actually evolved on the web, well before app stores even existed. The technological divide [between web and apps] made it quite hard to apply the same solutions. Privacy Sandbox maybe takes us a step toward bridging that divide.”

One big difference is that, in the web environment, just about everything happens in the cloud. Apps are pieces of software that get published in a store and downloaded to individual devices. “We can both have the same app on our device, but completely different versions if there has been an update between you downloading it and me downloading it,” said Cohen.

This all means fundamental differences in implementing Privacy Sandbox for web and app even though the APIs are consistent across both. “Topics, for example, is more holistic and will actually help bridge the divide. Some other components are inherently different. A prime example would be SDK Runtime, a component of Android Privacy Sandbox that takes the software development kits that are bundled inside of the app and have responsibility for things like measurement and advertising.”

Said Cohen, “While Chrome Privacy Sandbox is challenging to implement, mobile will be a much bigger lift. The IAB had a strong response to the Chrome Privacy Sandbox, and that was an easier process compared to the mobile side.”

Unbundling the SDKs

Until now, these pieces of code were integrated into the app. SDK Runtime, as a component of Privacy Sandbox, now unbundles SDKs from the app that hosts them. “It puts new restrictions on how SDKs and apps and other SDKs can interact,” said Cohen. This is based on the premise of limiting SDK access to data; it’s more privacy-centric for the user.

“However,” Cohen continued, “as you can imagine, that creates substantial complications for execution of advertising campaigns inside of apps.” Web technology, Cohen said, is relatively simple in comparison. “When the IAB pushes back on Chrome Privacy Sandbox and says, ‘This is hard to implement’ — come on, guys, it’s far more simple than what we’ll have to do on the mobile side.”

Cohen sees more of a challenge for companies with omnichannel offerings, especially on the demand side, than companies that are fundamentally either browser-first or mobile-first. “The Trade Desk, in order to serve their customers, is omnichannel. They would have CTV inventory, web inventory and app inventory that they are looking to buy. They would have to comply with all of these environments under the new privacy frameworks.”

An even heavier lift will be required of those companies closer to the device; those on the supply side. “For a company like ours that has a mobile exchange, the heavy lift is translating the new privacy-centric signal into something that is digestible for a DSP that does not have a direct technological link to the device itself,” Cohen said.

Dig deeper: Goodbye to cookies: Digital advertising’s leap in the dark

Google’s active dialogue

Google’s approach to mobile privacy has been very different to Apple’s, Cohen explained. “That’s why it’s taking longer, why it’s more iterative and why we’re seeing it pushed back again and again. They’ve been engaged in an active dialogue — which is costing Google a lot of money — and I think that’s why they had such a harsh response to the IAB’s report. ‘We’ve been playing nicely with you and this is what we get?'”

Google has Search and YouTube. Does it really care about app advertising? “Google cares deeply,” Cohen said. “Google owns the Play store. By and large, Google collects a 30% fee for any in-app purchase being done on the Google Play store. That has generated north of $40 billion and a 70% margin for Google just last year.”